mbedtls: random can use havege if enabled. #1227


p1ng0o commented Jan 25, 2017

I didn't succeed in writing a "proper" CTR-DRBG random generator. So let's begin with havege 👍

Anyway, should I save mbedtls_havege_state somewhere?


@p1ng0o, thanks for your PR! By analyzing the history of the files in this pull request, we identified @sasq64, @bagder and @jay to be potential reviewers.

@bagder bagder added the SSL/TLS label Jan 26, 2017
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "Failed - mbedTLS: ctr_drbg_seed returned (-0x%04X) %s\n",
+ -ret, errorbuf);
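Review bot: errorbuf is passed to the %s in failf() unconditionally, but the mbedtls_strerror() call that fills it sits inside the MBEDTLS_ERROR_C conditional closed by the #endif above. Make sure errorbuf is initialised to an empty string at its declaration so a build without MBEDTLS_ERROR_C does not format an uninitialised buffer. The lines shown also end at failf() with no return of the failure, so confirm the function bails out here instead of going on to draw bytes from a generator whose seeding just failed.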
bagder Jan 26, 2017 Member

shouldn't it also return an error here?

bagder commented Jan 26, 2017

should I save mbedtls_havege_state somewhere

You tell me! Should it be saved? When the 'data' pointer is provided, it could be stored in that struct.

@@ -729,6 +729,56 @@ size_t Curl_mbedtls_version(char *buffer, size_t size)
(version>>16)&0xff, (version>>8)&0xff);
+int Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy,
+ size_t length)
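Review bot: the output buffer in the Curl_mbedtls_random() prototype is named entropy, which reads as seed input rather than the destination for the generated bytes; a name such as output would say what the caller gets back. The declaration also carries no comment stating what the int return value means (0 on success, an mbedTLS error code, or something else), so callers cannot tell how to check it; document that next to the prototype.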
bagder Jan 26, 2017 Member

I think this is better declared to return CURLcode rather than int.

p1ng0o commented Jan 27, 2017

The question was, do I privilege CPU time (struct on data), or mem (struct on cstack)?
But regarding other vtls implementations of random, and for consistency, it should be better on cstack.

@p1ng0o p1ng0o mbedtls: implement CTR-DRBG and HAVEGE random generators.
bagder commented Jan 27, 2017

Yeah, this function is not used a lot nor in any high performance situation so I think that's totally fine.

@bagder bagder closed this in a90a5bc Jan 29, 2017
bagder commented Jan 29, 2017

